Add snyk to CI

Use proper snyk flow https://snyk.io/docs/using-snyk/

.gitlab-ci.yml

@@ -1,19 +1,37 @@
 # Use latest version of Node.js
 image: node:latest
 
+stages:
+  - build
+  - test
+  - deploy
+
+cache: # add cache to 'node_modules' for speeding up builds
+  paths:
+    - node_modules/ # Node modules and dependencies
+
+only:
+  - master # CI will affect only the 'master' branch
+
+build-job:
+  stage: build
+  script:
+    - npm install -g hexo-cli snyk
+    - npm install
+    - snyk auth $SNYK_TOKEN
+
+snyk-test:
+  stage: test
+  script:
+    - snyk test # Test node modules for vulnerability
 
 pages:
-  cache: # add cache to 'node_modules' for speeding up builds
+  stage: deploy
-    paths:
-      - node_modules/ # Node modules and dependencies
-
   script:
-    - npm install hexo-cli -g
+    - snyk protect # Apply patches to node modules
-    - npm install
     - hexo deploy # deploy the site
     - find public -type f -iregex '.*\.\(htm\|html\|txt\|text\|js\|css\)$' -execdir gzip -f --keep {} \; # Compress files
   artifacts:
     paths:
       - public # deploy to the 'public' folder
-  only:
+  when: on_success
-    - master # this job will affect only the 'master' branch

.snyk

@@ -1,6 +1,11 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
 version: v1.12.0
-ignore: {}
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:braces:20180219':
+    - '*':
+        reason: Patch/update unavailable
+        expires: 2018-12-31T00:00:00.000Z
 # patches apply the minimum changes required to fix a vulnerability
 patch:
   'npm:lodash:20180130':

package.json

@@ -16,12 +16,6 @@
     "hexo-renderer-ejs": "latest",
     "hexo-renderer-stylus": "latest",
     "hexo-renderer-marked": "latest",
-    "hexo-server": "latest",
+    "hexo-server": "latest"
-    "snyk": "^1.97.1"
+  }
-  },
-  "scripts": {
-    "snyk-protect": "snyk protect",
-    "prepare": "npm run snyk-protect"
-  },
-  "snyk": true
 }